[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fnRZIelxcjqAY4RvfsPlUY_8pASBOPGYQ7jIfgitXS1g":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":35,"analysis":85,"fingerprints":186},"easy-coin-table","Easy Coin Table","1.2","hoangthinhnd","https:\u002F\u002Fprofiles.wordpress.org\u002Fhoangthinhnd\u002F","\u003Cul>\n\u003Cli>Plugin using Coin market cap API https:\u002F\u002Fcoinmarketcap.com\u002Fapi\u002F\u003C\u002Fli>\n\u003Cli>\n\u003Cp>https:\u002F\u002Fcoinmarketcap.com\u002Fapi\u002Fterms\u002F\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Plugin using Information single curency in https:\u002F\u002Ftygiacoin.com\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>https:\u002F\u002Ftygiacoin.com\u002Ftien-ao\u002FBTC\u002Fbitcoin\u002F\u003C\u002Fli>\n\u003Cli>https:\u002F\u002Ftygiacoin.com\u002Ftin-tong-hop\u002Fplugin-bang-gia-tien-ao-wordpress-1030.html\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Arbitrary section 1\u003C\u002Fh3>\n","Virtual currency rankings wordpress plugin",10,4056,100,1,"2019-09-23T02:45:00.000Z","4.9.29","3.3","",[20,21,22,23],"bitcoin-plugin","coin-table","crypto-table","cryto-compare","https:\u002F\u002Ftygiacoin.com\u002Ftin-tong-hop\u002Fshare-plugin-bang-gia-tien-ao.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-coin-table.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},30,84,"2026-04-04T17:28:30.551Z",[36,56,73],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":27,"num_ratings":27,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":49,"tags":50,"homepage":54,"download_link":55,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"bitcartcc-for-woocommerce","Bitcart for WooCommerce","1.0.6","bitcart","https:\u002F\u002Fprofiles.wordpress.org\u002Fbitcartcc\u002F","\u003Cp>Bitcart is a free and open-source cryptocurrency payment processor which allows you to receive cryptocurrency payments directly, with no fees, transaction cost or a middleman.\u003C\u002Fp>\n\u003Cp>Bitcart is a non-custodial invoicing system which eliminates the involvement of a third-party. Payments with Bitcart go directly to your wallet, which increases the privacy and security. Your private keys are never uploaded to the server. There is no address re-use since each invoice generates a new address deriving from your xpubkey.\u003C\u002Fp>\n\u003Cp>You can run Bitcart as a self-hosted solution on your own server, or use a third-party host.\u003C\u002Fp>\n\u003Cp>The self-hosted solution allows you not only to attach an unlimited number of stores and use the Lightning Network but also become the payment processor for others.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Direct, peer-to-peer cryptocurrency payments\u003C\u002Fli>\n\u003Cli>No transaction fees (other than mining fees by crypto network itself)\u003C\u002Fli>\n\u003Cli>No processing fees\u003C\u002Fli>\n\u003Cli>No middleman\u003C\u002Fli>\n\u003Cli>No KYC\u003C\u002Fli>\n\u003Cli>User has complete control over private keys\u003C\u002Fli>\n\u003Cli>Enhanced privacy (no address re-use, no IP leaks to third parties)\u003C\u002Fli>\n\u003Cli>Enhanced security\u003C\u002Fli>\n\u003Cli>Self-hosted\u003C\u002Fli>\n\u003Cli>SegWit support\u003C\u002Fli>\n\u003Cli>Lightning Network support\u003C\u002Fli>\n\u003Cli>Altcoin support\u003C\u002Fli>\n\u003Cli>Attach unlimited stores, process payments for friends\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>1.0.0\u003C\u002Fh3>\n\u003Cp>Initial version\u003C\u002Fp>\n\u003Ch3>1.0.1\u003C\u002Fh3>\n\u003Cp>Fixes for latest Bitcart API updates\u003C\u002Fp>\n\u003Ch3>1.0.2\u003C\u002Fh3>\n\u003Cp>Fixes for Bitcart API updates\u003C\u002Fp>\n\u003Ch3>1.0.3\u003C\u002Fh3>\n\u003Cp>Compatibility with Bitcart v0.5.0.0\u003C\u002Fp>\n\u003Ch3>1.0.4\u003C\u002Fh3>\n\u003Cp>More fixes for invoice processing, clarify params\u003C\u002Fp>\n\u003Ch3>1.0.5\u003C\u002Fh3>\n\u003Cp>Fixes for stock level not increasing in case of expired invoices\u003C\u002Fp>\n\u003Ch3>1.0.6\u003C\u002Fh3>\n\u003Cp>Rename BitcartCC to Bitcart\u003C\u002Fp>\n","Bitcart is a free and open-source cryptocurrency payment processor which allows you to receive cryptocurrency payments directly, with no fees, transac …",20,2611,"2023-08-24T11:13:00.000Z","6.1.10","3.9","5.4",[51,40,52,20,53],"accept-bitcoin","bitcoin","cryptocurrency","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbitcart-for-woocommerce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbitcartcc-for-woocommerce.zip",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":11,"downloaded":64,"rating":13,"num_ratings":14,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":18,"tags":68,"homepage":71,"download_link":72,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"bitcoin-payments-for-wp-woocommerce","Bitcoin Payments for WP WooCommerce","1.0","WebPlanex","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebplanex\u002F","\u003Cp>Your online store must use WooCommerce platform (free wordpress plugin).\u003Cbr \u002F>\nOnce you installed and activated WooCommerce, you may install and activate Bitcoin Payments for WooCommerce.\u003C\u002Fp>\n\u003Ch4>Benefits\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Fully automatic operation\u003C\u002Fli>\n\u003Cli>Accept payments in bitcoins directly into your personal QT wallet.\u003C\u002Fli>\n\u003Cli>Electrum wallet payment option completely removes dependency on any third party service and middlemen.\u003C\u002Fli>\n\u003Cli>Accept payment in bitcoins for physical and digital downloadable products.\u003C\u002Fli>\n\u003Cli>Add bitcoin payments option to your existing online store with alternative main currency.\u003C\u002Fli>\n\u003Cli>Support for many currencies.\u003C\u002Fli>\n\u003Cli>Set main currency of your store in any currency or bitcoin.\u003C\u002Fli>\n\u003Cli>Automatic conversion to bitcoin via realtime exchange rate feed and calculations.\u003C\u002Fli>\n\u003Cli>Ability to set exchange rate calculation multiplier to compensate for any possible losses due to bank conversions and funds transfer fees.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Remove plugin\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Deactivate plugin through the ‘Plugins’ menu in WordPress\u003C\u002Fli>\n\u003Cli>Delete plugin through the ‘Plugins’ menu in WordPress\u003C\u002Fli>\n\u003C\u002Fol>\n","Bitcoin Payments for WooCommerce is a Wordpress plugin that allows to accept bitcoins at WooCommerce-powered online stores.",8210,"2015-03-03T09:19:00.000Z","4.0.38","3.0.1",[51,52,69,20,70],"bitcoin-payments","bitcoin-wordpress-plugin","http:\u002F\u002Fwww.webplanex.co.in\u002FPlugins\u002FBitcoinPayment\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbitcoin-payments-for-wp-woocommerce.zip",{"slug":74,"name":75,"version":59,"author":76,"author_profile":77,"description":78,"short_description":10,"active_installs":11,"downloaded":79,"rating":13,"num_ratings":14,"last_updated":80,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":81,"homepage":83,"download_link":84,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"top-coin","Top Coin","Huy Kira","https:\u002F\u002Fprofiles.wordpress.org\u002Fhuykiradotnet\u002F","\u003Cp>Display the virtual currency, updated every minute\u003Cbr \u002F>\nPlugin uses api from coinmarketcap.com\u003Cbr \u002F>\nFor more history, see: https:\u002F\u002Fhuykira.net\u002Fshare-code\u002Fshare-plugin-bang-gia-tien-ao.html\u003C\u002Fp>\n\u003Ch3>Arbitrary section 1\u003C\u002Fh3>\n",5550,"2017-12-11T01:27:00.000Z",[20,82,74],"currency-rankings","https:\u002F\u002Fhuykira.net\u002Fshare-code\u002Fshare-plugin-bang-gia-tien-ao.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftop-coin.zip",{"attackSurface":86,"codeSignals":112,"taintFlows":171,"riskAssessment":172,"analyzedAt":185},{"hooks":87,"ajaxHandlers":103,"restRoutes":104,"shortcodes":105,"cronEvents":111,"entryPointCount":14,"unprotectedCount":27},[88,94,98],{"type":89,"name":90,"callback":91,"file":92,"line":93},"action","wp_enqueue_scripts","ht_styles","bitcoin-plugin.php",25,{"type":89,"name":95,"callback":96,"file":92,"line":97},"admin_menu","ht_add_menu",38,{"type":89,"name":99,"callback":100,"file":101,"line":102},"widgets_init","anonymous","includes\\widget.php",68,[],[],[106],{"tag":107,"callback":108,"file":109,"line":110},"cointable","create_shortcode_ht","includes\\shortcode.php",42,[],{"dangerousFunctions":113,"sqlUsage":117,"outputEscaping":119,"fileOperations":169,"externalRequests":27,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":170},[114],{"fn":115,"file":101,"line":102,"context":116},"create_function","add_action('widgets_init', create_function('', 'return register_widget(\"ht_plugin_widget\");'));",{"prepared":27,"raw":27,"locations":118},[],{"escaped":27,"rawEcho":120,"locations":121},32,[122,125,126,127,128,129,130,132,134,135,136,138,140,142,144,145,146,147,148,149,150,152,154,155,157,159,161,162,163,165,167,168],{"file":109,"line":123,"context":124},22,"raw output",{"file":109,"line":93,"context":124},{"file":109,"line":93,"context":124},{"file":109,"line":93,"context":124},{"file":109,"line":93,"context":124},{"file":109,"line":93,"context":124},{"file":109,"line":131,"context":124},27,{"file":109,"line":133,"context":124},29,{"file":109,"line":32,"context":124},{"file":109,"line":32,"context":124},{"file":109,"line":137,"context":124},34,{"file":109,"line":139,"context":124},35,{"file":101,"line":141,"context":124},14,{"file":101,"line":143,"context":124},15,{"file":101,"line":120,"context":124},{"file":101,"line":120,"context":124},{"file":101,"line":120,"context":124},{"file":101,"line":120,"context":124},{"file":101,"line":120,"context":124},{"file":101,"line":137,"context":124},{"file":101,"line":151,"context":124},36,{"file":101,"line":153,"context":124},37,{"file":101,"line":153,"context":124},{"file":101,"line":156,"context":124},45,{"file":101,"line":158,"context":124},59,{"file":101,"line":160,"context":124},60,{"file":101,"line":160,"context":124},{"file":101,"line":160,"context":124},{"file":101,"line":164,"context":124},63,{"file":101,"line":166,"context":124},64,{"file":101,"line":166,"context":124},{"file":101,"line":166,"context":124},2,[],[],{"summary":173,"deductions":174},"The 'easy-coin-table' v1.2 plugin presents a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for SQL queries and not making external HTTP requests. There are no known historical vulnerabilities (CVEs) associated with this plugin, which is a strong indicator of its past security. Furthermore, the static analysis shows a very small attack surface with no unprotected entry points in terms of AJAX handlers, REST API routes, or cron events.\n\nHowever, significant concerns arise from the static analysis of the code. The presence of the `create_function` is a critical security risk, as it is highly susceptible to arbitrary code execution if user-supplied data is passed into it. Additionally, the analysis indicates that 100% of the 32 detected outputs are not properly escaped, meaning that reflected Cross-Site Scripting (XSS) vulnerabilities are highly probable. The lack of nonce and capability checks on the single shortcode entry point also leaves it vulnerable to CSRF attacks and unauthorized access to its functionality by unauthenticated or low-privileged users.\n\nGiven the absence of historical vulnerabilities, it's possible the plugin authors have been diligent in the past. However, the current code exhibits fundamental security flaws that could be exploited. The reliance on `create_function` and the complete lack of output escaping are particularly alarming and would require immediate attention to secure the plugin.",[175,177,180,183],{"reason":176,"points":143},"Use of dangerous function: create_function",{"reason":178,"points":179},"0% properly escaped output across 32 outputs",12,{"reason":181,"points":182},"Missing nonce checks",7,{"reason":184,"points":182},"Missing capability checks","2026-03-17T01:29:28.656Z",{"wat":187,"direct":196},{"assetPaths":188,"generatorPatterns":190,"scriptPaths":191,"versionParams":193},[189],"\u002Fwp-content\u002Fplugins\u002Feasy-coin-table\u002Fcss\u002Fht_style.css",[],[192],"\u002Fwp-content\u002Fplugins\u002Feasy-coin-table\u002Fjs\u002Fht_script.js",[194,195],"easy-coin-table\u002Fcss\u002Fht_style.css?ver=","easy-coin-table\u002Fjs\u002Fht_script.js?ver=",{"cssClasses":197,"htmlComments":200,"htmlAttributes":201,"restEndpoints":205,"jsGlobals":206,"shortcodeOutput":207},[198,199],"ht-inner-table","ht-table-coin",[],[202,203,204],"col-container","col-left","col-right",[],[],[208,209],"[cointable num=\"5\"]","[cointable num=\"10\"]"]